Euro Data watchdog warns of database creep

State databases, the way the European Data Protection Supervisor talks about them in its annual report quickly grow beyond their function and not always with benign consequences for the people they have numbered.

The EDPS' 2006 Annual Report, published yesterday, noted (100-page pdf) how the data guardian's attention had been drawn to the increasing tendency of authorities to establish central databases and large scale IT systems.

This could be problematic because the systems had a habit of snowballing, it said.

"The EDPS has observed a trend in that once a database has been established, access to it is extended to more authorities, for other purposes than those for which it was set up.

"The risk of illegitimate use is another important reason why these databases create particular risks for the people whose data are used."

The report loosely describes how part of the reason people were at greater risk of becoming victims of the system was that authorities were rushing ahead with new technologies and thinking about the consequences for civil liberties later.

So European plans for co-operation between its police forces and judiciaries were being rushed through ahead of laws that would ensure their association was done without offending citizens' rights to data protection.

Generally speaking, said the report, the EDPS had only just started to get results in 2006, two years since its inception, and there was still much to do. It had to get the administration to adopt "data protection culture as a part of good governance", while striving to get data protection cover into EU legislation.

Meanwhile, vice president Franco Frattini, the commissioner responsible for both pieces of legislation concerning co-operation between and data protection of European police, came out in support of privacy enhancing technologies (PETs) today as a means of achieving the aims pursued by the EDPS.

He spoke in a statement of the problems the proliferation of computer technology brings. He did not mention the EDPS's lengthy description today of its efforts to get legislation pushed by Frattini to encompass privacy protections in the first place.

Frattini noted how individual privacy was threatened by technology that made "identity theft, discriminatory profiling, continuous surveillance, or deceit" possible.

Privacy enhancing technologies could do something about this, he said. They would ensure that "breaches of the data protection rules and violations of individual's rights are not only something forbidden...but also technically more difficult".

As well as announcing loose plans to promote PETs, Frattini said he was thinking about a pan-European system of "security seals", like ratings for video games, that would commend the privacy enhancing characteristics of certain goods. ®